lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y2WBh0NveQU+Wo25@magnolia>
Date:   Fri, 4 Nov 2022 14:17:59 -0700
From:   "Darrick J. Wong" <djwong@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>, djwong@...nel.org
Cc:     linux-xfs@...r.kernel.org, linux-kernel@...r.kernel.org,
        allison.henderson@...cle.com, colin.i.king@...il.com,
        guoxuenan@...wei.com, lizetao1@...wei.com, zengheng4@...wei.com
Subject: [GIT PULL] xfs: fixes for 6.1-rc4

Hi Linus,

Please pull this rather large branch with fixes for xfs for 6.1-rc4.
Dave and I had thought that this would be a very quiet cycle, but we
thought wrong.

At first there were the usual trickle of minor bugfixes, but then Zorro
pulled -rc1 and noticed complaints about the stronger memcpy checks
w.r.t. flex arrays.  Analyzing how to fix that revealed a bunch of
validation gaps in validating ondisk log items during recovery, and then
a customer hit an infinite loop in the refcounting code on a corrupt
filesystem.

So.  This largeish batch of fixes addresses all those problems, I hope.

As usual, I did a test-merge with the main upstream branch as of a few
minutes ago, and didn't see any conflicts.  Please let me know if you
encounter any problems.

--D

The following changes since commit 9abf2313adc1ca1b6180c508c25f22f9395cc780:

  Linux 6.1-rc1 (2022-10-16 15:36:24 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git tags/xfs-6.1-fixes-4

for you to fetch changes up to 4eb559dd15671cca355a61a4164e8f19e3952637:

  Merge tag 'refcount-cow-domain-6.1_2022-10-31' of git://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux into xfs-6.1-fixesA (2022-11-01 09:52:13 -0700)

----------------------------------------------------------------
Bug fixes for 6.1-rc4:

- Fix a UAF bug during log recovery.
- Fix memory leaks when mount fails.
- Detect corrupt bestfree information in a directory block.
- Fix incorrect return value type for the dax page fault handlers.
- Fix fortify complaints about memcpy of xfs log item objects.
- Strengthen inadequate validation of recovered log items.
- Fix incorrectly declared flex array in EFI log item structs.
- Log corrupt log items for debugging purposes.
- Fix infinite loop problems in the refcount code if the refcount btree
  node block keys are corrupt.
- Fix infinite loop problems in the refcount code if the refcount btree
  records suffer MSB bitflips.
- Add more sanity checking to continued defer ops to prevent overflows
  from one AG to the next or off EOFS.

----------------------------------------------------------------
Allison Henderson (1):
      xfs: increase rename inode reservation

Colin Ian King (1):
      xfs: remove redundant pointer lip

Darrick J. Wong (25):
      xfs: avoid a UAF when log intent item recovery fails
      xfs: fix incorrect return type for fsdax fault handlers
      xfs: fix validation in attr log item recovery
      xfs: fix memcpy fortify errors in BUI log format copying
      xfs: fix memcpy fortify errors in CUI log format copying
      xfs: fix memcpy fortify errors in RUI log format copying
      xfs: make sure aglen never goes negative in xfs_refcount_adjust_extents
      xfs: fix memcpy fortify errors in EFI log format copying
      xfs: create a predicate to verify per-AG extents
      xfs: refactor all the EFI/EFD log item sizeof logic
      xfs: check deferred refcount op continuation parameters
      xfs: actually abort log recovery on corrupt intent-done log items
      xfs: move _irec structs to xfs_types.h
      xfs: dump corrupt recovered log intent items to dmesg consistently
      xfs: refactor refcount record usage in xchk_refcountbt_rec
      xfs: track cow/shared record domains explicitly in xfs_refcount_irec
      xfs: report refcount domain in tracepoints
      xfs: refactor domain and refcount checking
      xfs: remove XFS_FIND_RCEXT_SHARED and _COW
      xfs: check record domain when accessing refcount records
      xfs: fix agblocks check in the cow leftover recovery function
      xfs: fix uninitialized list head in struct xfs_refcount_recovery
      xfs: rename XFS_REFC_COW_START to _COWFLAG
      Merge tag 'fix-log-recovery-misuse-6.1_2022-10-31' of git://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux into xfs-6.1-fixes
      Merge tag 'refcount-cow-domain-6.1_2022-10-31' of git://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux into xfs-6.1-fixesA

Guo Xuenan (1):
      xfs: fix exception caused by unexpected illegal bestcount in leaf dir

Li Zetao (1):
      xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init()

Zeng Heng (1):
      xfs: fix memory leak in xfs_errortag_init

 fs/xfs/libxfs/xfs_ag.h             |  15 ++
 fs/xfs/libxfs/xfs_alloc.c          |   6 +-
 fs/xfs/libxfs/xfs_dir2_leaf.c      |   9 +-
 fs/xfs/libxfs/xfs_format.h         |  22 +--
 fs/xfs/libxfs/xfs_log_format.h     |  60 +++++++-
 fs/xfs/libxfs/xfs_refcount.c       | 286 ++++++++++++++++++++++++++-----------
 fs/xfs/libxfs/xfs_refcount.h       |  40 +++++-
 fs/xfs/libxfs/xfs_refcount_btree.c |  15 +-
 fs/xfs/libxfs/xfs_rmap.c           |   9 +-
 fs/xfs/libxfs/xfs_trans_resv.c     |   4 +-
 fs/xfs/libxfs/xfs_types.h          |  30 ++++
 fs/xfs/scrub/alloc.c               |   4 +-
 fs/xfs/scrub/ialloc.c              |   5 +-
 fs/xfs/scrub/refcount.c            |  72 ++++------
 fs/xfs/xfs_attr_item.c             |  67 +++++----
 fs/xfs/xfs_bmap_item.c             |  54 +++----
 fs/xfs/xfs_error.c                 |   9 +-
 fs/xfs/xfs_extfree_item.c          |  94 ++++++------
 fs/xfs/xfs_extfree_item.h          |  16 +++
 fs/xfs/xfs_file.c                  |   7 +-
 fs/xfs/xfs_inode.c                 |   2 +-
 fs/xfs/xfs_log_recover.c           |  10 +-
 fs/xfs/xfs_ondisk.h                |  23 ++-
 fs/xfs/xfs_refcount_item.c         |  57 ++++----
 fs/xfs/xfs_rmap_item.c             |  70 ++++-----
 fs/xfs/xfs_super.c                 |  12 +-
 fs/xfs/xfs_sysfs.h                 |   7 +-
 fs/xfs/xfs_trace.h                 |  48 +++++--
 fs/xfs/xfs_trans_ail.c             |   3 +-
 29 files changed, 670 insertions(+), 386 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ